
Re:Another PHP Vulnerability

[quote author=Lovechild link=board=9;threadid=4295;start=0#42522 date=1027441016]
no worse than other development styles, plus we fix bugs quicker...
[/quote]

I'm not saying it's worse and yes, we do fix them quicker
however, it doesn't matter

if you read articles about security in open source and security in proprietary code they will include links to stories like this.. about vulnerabilities in PHP, Apache, ...
they won't mention however that fixes are usually out the next day (if it takes that long in the first place). in fact, they won't even mention the fixes at all. they will just say: "hey look, they had vulnerabilities too"

now you're probably thinking "so what? it's obvious that these sites suck and are of no value"
yes that's true, but the people we are trying to convert to open source are exactly the kind of people who read those sites

Re:Another PHP Vulnerability

Well I normally convert my friends and they all know my server's track record of getting successfully hacked... and they of course know how stable my PC is. So I don't really care about many of those theoretical security bugs as most of them really are.

Re:Another PHP Vulnerability

Lovechild: when big software like Apache, OpenSSH, PHP, BIND, etc. all appear on BugTraq it IS bad. In the case of a commercial application, someone who knows nothing (IT, MCSE, etc.) thinks "Oh, it's because it's such a big app and has so many features; it's normal that they have a security flaw once in a while." But when it's about open-source, the reaction can be more like: "What can you expect from people that are not paid? They don't know their stuff and they probably put these intentionally!"

Re:Another PHP Vulnerability

I personally don't know many people who actually read BugTraq (or similar services) and those that do know that nobody is perfect, least of all programmers.

The problem really is that people who don't know dick about software print about "serious" bugs in software whenever there's a slow news day. And if you notice it, most of those news end with the message:
"A fix has already been made, get it here"

unless of course they are reporting about M$, in which case I have never seen such a message. or that, this is a bug scheduled to be fixed in the next Service Pack...